discordrat | ab729e0863a50f12c74f4a9b73e5127b60eab312497e973c035634f32d04e048 | Triage

Sharing

General

Target

multitool.rar
Size

63.5MB
Sample

250101-zlk9cswkbr
MD5

330e14e8d8bbf6fc18785e3cbf4a288a
SHA1

8c9a883aab54b9903643c72f6adf6da98c9337c7
SHA256

ab729e0863a50f12c74f4a9b73e5127b60eab312497e973c035634f32d04e048
SHA512

7d4c9d5e11938c309574afd6dae058a22ac6e83a5b531f904568fb098035d25d0d9c9e8bcaa65e5e8b0cb776c353ad5733447826bbb5bc03f48b02c75036d13f
SSDEEP

1572864:f+x5fZPiWRRgefQZuxv0/8MGKevL2PGKevL2G:qfZP/bgsxv0/8bJvnJvx

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Targets

- Target
  
  multitool/files/DDOS.exe
- Size
  
  76KB
- MD5
  
  3cd1140e0ad30f6c61033087a77a9f6b
- SHA1
  
  684625ab7dcb2426619c7a9db3b7048b5a0d3a6f
- SHA256
  
  7c2deed77fe60b39a7547519101242969263fcc97bbc4afab6c21a1f68f2ec09
- SHA512
  
  7fb24e57dfe39418c0cacad09b3a7a4814372e45e1186ee0972216a09805dafa0312e160dc58fa1ce93357f2bc6b7b111e81ffdcf24fe739b874928e1b72edf2
- SSDEEP
  
  768:DEKKEfXKG582pT+E4dljinpeV4wNhZK3A3KZixvZ/fEB:cC1pTR4dljipEj43e7C
Score

3^/10
behavioral1
- Target
  
  multitool/files/FastVisits.exe
- Size
  
  36KB
- MD5
  
  c28035f0201a7e5c164336bb9f67c1b6
- SHA1
  
  c7ac01d8831f142bd19682d3130486b731dca0c6
- SHA256
  
  1e259f02f569acf752ae378e098e4e156e9e9017c25562cf0372522b2a4c0584
- SHA512
  
  d7ac6d8a57e78ef061c5e3377783ca0fca91df47eac91d6eb5d6a060208f1d5eed64eb99d4a90a2a34b87622386138f05b9b281af06e97a2648b5a67b4018748
- SSDEEP
  
  384:k7zrmZoFAhtWU8p9mbZvo96uKguWnC3/e/mxoHz6UAjcZna0ijjAE+moA8cVCLj3:kwWU83mqHnCvegbkaPcEvvnQLdRoHnC
Score

1^/10
behavioral2
- Target
  
  multitool/files/LeanWoofer (Unpacked).exe
- Size
  
  13.7MB
- MD5
  
  d0a98fa40de2eccb6a4e1988326c15c9
- SHA1
  
  daf93367ce142344257f8bc03e53c94c5550fce4
- SHA256
  
  b309755e4da75c31deee0a94f21ac780ca109346d297becf521c73b5ec600f06
- SHA512
  
  5f89df32e243fb43d90ba451def0e2fc30bd36deea5c72a842ab80a1e695f8c43c42f34a0c568cd5117c831914787c8f45739c4bdabc62459793792192fa699d
- SSDEEP
  
  393216:xZFdTHWZRIQQeyYXhxiFCxWKxxnp+2GmGQ7kTIV:xZFhARI6XhaCxWKxxnpnGagm
Score

3^/10

discovery
behavioral3
- Target
  
  multitool/files/Release/Discord rat.exe
- Size
  
  79KB
- MD5
  
  d13905e018eb965ded2e28ba0ab257b5
- SHA1
  
  6d7fe69566fddc69b33d698591c9a2c70d834858
- SHA256
  
  2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec
- SHA512
  
  b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb
- SSDEEP
  
  1536:YCH0jBD2BKkwbPNrfxCXhRoKV6+V+y9viwp:VUjBD2BPwbPNrmAE+MqU
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
behavioral4
- Target
  
  multitool/files/Siticone.UI.dll
- Size
  
  1.3MB
- MD5
  
  6cbe11d4d3f98950277dfe6d41087f19
- SHA1
  
  99b61b8610e3fd4fe57787cc83bbb54c7872b292
- SHA256
  
  9fa63f758c50a9b7b406610da42e7b81593b83309a7e03a072ec918f423b4a1d
- SHA512
  
  a55dd366655d53e80e34a47dc57b80dfaa87ab5841ab3a9c30e4fd20d77182120cb93dc238fa0b5f42038020487a310662f9219908b79312712c528f5ef4d524
- SSDEEP
  
  24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8g:u8NlaVeuHF
Score

1^/10
behavioral5
- Target
  
  multitool/files/builder.exe
- Size
  
  10KB
- MD5
  
  4f04f0e1ff050abf6f1696be1e8bb039
- SHA1
  
  bebf3088fff4595bfb53aea6af11741946bbd9ce
- SHA256
  
  ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa
- SHA512
  
  94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12
- SSDEEP
  
  96:IJXYAuB2glBLgyOk3LxdjP2rm549JSTuwUYXzP+B1izXTa/HFpff3LG+tzNt:IJXDk7LI4uwtDPC1ijCHffSs
Score

3^/10

discovery
behavioral6
- Target
  
  multitool/files/dnlib.dll
- Size
  
  1.1MB
- MD5
  
  508ccde8bc7003696f32af7054ca3d97
- SHA1
  
  1f6a0303c5ae5dc95853ec92fd8b979683c3f356
- SHA256
  
  4758c7c39522e17bf93b3993ada4a1f7dd42bb63331bac0dcd729885e1ba062a
- SHA512
  
  92a59a2e1f6bf0ce512d21cf4148fe027b3a98ed6da46925169a4d0d9835a7a4b1374ba0be84e576d9a8d4e45cb9c2336e1f5bd1ea53e39f0d8553db264e746d
- SSDEEP
  
  24576:WHjoaczZfdE55hHl0WQ/OO4yb99MANKtv7f2dcME:tm/BQWgww
Score

1^/10
behavioral7
- Target
  
  multitool/files/woofer.exe
- Size
  
  13.4MB
- MD5
  
  0933793f1e2b5a9a80275cfd2d7da1e5
- SHA1
  
  7e31aafd8f963dc413fe44a65b620e6dd3a6b3b8
- SHA256
  
  60677c248da104d4fcdf855bb80756e16224e85a782d16249a0d0d7393d3149a
- SHA512
  
  2d00aec6ff175c06835daf3c3518a1b78c56ccfb533e6b49a42aaf01b5128b325a721a16c209d314956c60aec8972373e00a1d0a63649a38dcd40d304866e497
- SSDEEP
  
  393216:FoFdTHWZRIQQXyYXhxiFCxWKxxnp+2GmGQ7kroV:FoFhARIzXhaCxWKxxnpnGagO
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral8
- Target
  
  multitool/main.bat
- Size
  
  2KB
- MD5
  
  6357b19e4a479b48d66104227cf5a32f
- SHA1
  
  61a1be7dd806c2cb5bfd8def4dee316c28ff6637
- SHA256
  
  98b4f8e7c918137dc1e5fb0e67926d8d1e657b7d0f22437f3a8829ee0ba26bff
- SHA512
  
  a0eff81a0598b343e6547430a1534df7c13e9d70ce78faf8f0480d5f3f327b8ff28d95b2cba9ca21813e87479357adaaeb61973c8ac3b1b5bf2868eb0087116c
Score

3^/10

discovery
behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

discordratpersistenceratrootkitstealer

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9